[FFmpeg-devel] [PATCH] avformat/hls: look for trailing GET headers with m3u8 extension check

[Andreas Rheinhardt]

Leo Izen:
> After commit 6b1f68ccb04d791f0250e05687c346a99ff47ea1 we refuse to use
> URLs of the form https://foo.bar/baz.m3u8?foo=bar because it fails the
> file extension check. This commit strips the ?foo=bar at the end before
> checking the file extension.
> 
> Signed-off-by: Leo Izen <leo.izen at gmail.com>
> ---
>  libavformat/hls.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/hls.c b/libavformat/hls.c
> index 11e345b280..6a97cced17 100644
> --- a/libavformat/hls.c
> +++ b/libavformat/hls.c
> @@ -2534,7 +2534,16 @@ static int hls_probe(const AVProbeData *p)
>          strstr(p->buf, "#EXT-X-TARGETDURATION:") ||
>          strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:")) {
>  
> -        if (!av_match_ext(p->filename, "m3u8,hls,m3u")) {
> +        char *request_qmark = strchr(p->filename, '?');
> +        int match_ext;
> +
> +        if (request_qmark)
> +            *request_qmark = '\0';
> +        match_ext = av_match_ext(p->filename, "m3u8,hls,m3u");
> +        if (request_qmark)
> +            *request_qmark = '?';
> +
> +        if (!match_ext) {
>              av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n");
>              return 0;
>          }

This temporarily modifies p->filename which is a const char* (you let
strchr cast the const away); it is provided by the user and may point to
read-only memory, i.e. restoring the string is not safe. Furthermore, it
may lead to data races, because the string might be used somewhere else
concurrently (hypothetically, we could even run the probe functions in a
multi-threaded way).

- Andreas